docs: address review findings on YAML depth validation
PR Ready Gate / clear-labels (pull_request) Successful in 2s
CI / test (pull_request) Successful in 17s
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 34s
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m20s
CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 2m49s
PR Ready Gate / clear-labels (pull_request) Successful in 2s
CI / test (pull_request) Successful in 17s
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 34s
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m20s
CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 2m49s
- Add safety note on Strict() decoder not expanding aliases recursively, since alias resolution uses the pre-validated AST (finding #1) - Document that ast.Node map keys rely on pointer identity, which holds because all goccy/go-yaml AST types are pointer receivers (finding #2) - Clarify AnchorNode comment: effective depth budget is reduced for anchor+alias pairs, not literally halved (finding #3) - Improve test depth trace comment for accuracy (finding #4) - Add HTML comment in CONVENTIONS.md referencing #91 for the two-step process deviation (finding #5)
This commit is contained in:
claw
@@ -21,6 +21,8 @@ To request a new dependency:
|
||||
2. Requires explicit approval from Aaron
|
||||
3. After merge, a separate PR may use the package
|
||||
|
||||
<!-- Deviation from step 1+3 for go-yaml migration: see #91 for rationale. -->
|
||||
|
||||
*Enforcement: `scripts/check-deps.sh` parses this table — update only here.*
|
||||
|
||||
## Error Handling
|
||||
|
||||
Reference in New Issue
Block a user